<?php
include __DIR__ . "/config/cors.php";
include __DIR__ . "/database.php";

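// Admin endpoint: flips one user's `status` column between 'true' and 'false'
// and reports the outcome as a single JSON object {code, message}.
//
// Input:  cookie `role`, query parameter `uid`.
// Codes:  401 caller is not admin, 201 uid missing or invalid,
//         202 no such user, 200 status toggled, 205 update failed.

// `??` yields null for an absent key without the blanket error suppression of `@`.
$cookie = $_COOKIE['role'] ?? null;
$rawUid = $_GET['uid'] ?? null;

// NOTE(review): the `role` cookie is supplied by the client, so this comparison
// is not an authentication boundary. The role should be read from server-side
// state established at login (for example the session) rather than from a
// value the browser can set freely.
// NOTE(review): this endpoint changes state on a GET request and is
// cookie-gated, so the browser attaches the credential automatically; consider
// requiring POST plus an anti-CSRF token, and review what config/cors.php allows.
if ($cookie !== "admin") {
    echo json_encode([
        "code" => 401,
        "message" => "无权访问！"
    ]);
    exit;
}

// is_numeric() also accepts forms such as "1e5", "1.5", "+1" or " 1"; since the
// value is placed directly into SQL text below, accept plain decimal digits only
// and carry it as an int from here on.
if (!is_string($rawUid) || !ctype_digit($rawUid)) {
    echo json_encode([
        "code" => 201,
        "message" => "缺少必要参数"
    ]);
    exit;
}
$uid = (int) $rawUid;

$db = new DB();
// $uid is an int at this point, so the interpolation cannot carry SQL syntax.
// Only the raw-SQL methods selectOne()/execute() of DB are visible from this
// file; if DB offers bound parameters, prefer them here.
$sql = "select * from user where id = $uid";
$data = $db->selectOne($sql);
if (is_array($data) && count($data) > 0) {
    // status is stored as the strings 'true' / 'false'; flip it.
    $change = $data['status'] === 'true' ? 'false' : 'true';
    // Label for the response message: enable ('启用') or disable ('禁用').
    $method = $change === 'true' ? '启用' : '禁用';
    // $change is one of two literals chosen above, never request data.
    $sql = "update user set status = '$change' where id = $uid";
    // "{$var}" replaces the "${var}" form, which is deprecated since PHP 8.2;
    // the emitted text is unchanged.
    if ($db->execute($sql)) {
        echo json_encode([
            "code" => 200,
            "message" => "用户{$method}成功"
        ]);
    } else {
        echo json_encode([
            "code" => 205,
            "message" => "用户{$method}失败"
        ]);
    }
} else {
    echo json_encode([
        "code" => 202,
        "message" => "查无此用户"
    ]);
}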